COMP412 Computer Security Final Exam Booklet PDF

Summary

This document is a final exam booklet for Computer Security (COMP412) at Macao Polytechnic University. It covers topics including security introduction, modern ciphers, public key encryption, authentication, key management, network security, number theory, and asymmetric key cryptography.

Full Transcript

COMP412: Computer Security
Final Exam Booklet
Dr. Kim, Song-Kyoo (Amang)
Associate Professor,

Computer Science Program
MACAO POLYTECHNIC UNIVERSITY
Macau, SAR

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR
 Notice

 This booklet is designed for helping students to
prepare their final exam.

 But it is noted that the booklet only partially
covers the scope of the final exam.

 Students should study more enough to cover all
scope of the final exam on the top of this
booklet.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 2/92
 Final Exam Coverage
 Knowledge based questions
Before Mid term
Security Introduction
Modern Ciphers
Public Key Encryption (RSA, DH-Key)
After Mid term (more portion)
Authentication / Biometric / ECG
Key Management / PGP / IPsec / Wireless
Network Security
Final Exam Booklet
 Practice based questions
Number Theory;
Asymmetric key cryptography (RSA);

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 3/92
 Core Summery

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR
 Definition of Computer Security (1/3)
 Objectives of Computer Security (CIA triad)

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 5/92
 Definition of Computer Security (2/3)

 Confidentiality

Data confidentiality: Assures that private or confidential
information is not made available or disclosed to
unauthorized individuals.
Privacy: Assures that individuals control or influence what
information related to them may be collected and stored
and by whom and to whom that information may be
disclosed.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 6/92
 Definition of Computer Security (3/3)

 Integrity

Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended
function in an unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the system.

 Availability

Assures that systems work promptly and service is not denied
to authorized users.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 7/92
 X.800 Security Service (1/3)
 Confidentiality
protection of data from unauthorized disclosure
 Integrity
assurance that data received is as sent by an authorized
entity
 Authentication
assurance that the communicating entity is the one claimed
 Access Control
prevention of the unauthorized use of a resource
 Non-Repudiation
protection against denial by one of the parties in a
communication
Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 8/92
 Hash Function

 A hash function accepts a variable-size message M as
input and produces a fixed-size hash code H(M), called
a message digest, as output
 The purpose of a hash function is to produce a
“fingerprint” of a file, message or other block of data
 Hash function is public and not keyed whereas MAC is
keyed
 It provides an error-detection capability (Integrity)
To detect changes in messages
 With an encryption on the hash value, it provides
authentication as well (Digital signature)

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 9/92
 Security network architecture design (1/4)
 Component type (Backup type I)
(private and public) Data: authentication, multi-media,
transaction data, …
System (or services): demons, service servers,
Infrastructure: telecommunication (routers, gateways, …),
electronic power line, …
 Standby type (Backup type II)
Hot-standby: Recovered without booting/backup times
Cold-standby: Booting/backup times are required.
 Network type
Intranet: private network (e.g., Isolation)
Internet: cloud services (e.g., AWS)

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 10/92
 Feistel Cipher (2/2)
 Feistel Example
Block size (64 or 128 bits) larger gives more diffusion.
Key size (128 bits): larger leads to more confusion.
Number of rounds – 16 rounds
Subkey generation & Round function F: should be complex

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 11/92
 Biometrics (18/20)
 Retina Biometric (1/2)
Blood vessel of retina

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 12/92
 Biometrics (19/20)
 Retina Biometric (2/2)
Advantages
Low occurrence of false positives
Extremely low (almost 0%) false negative rates
Highly reliable because no two people have the same retinal
pattern
Speedy results: Identity of the subject is verified very quickly
Disadvantages
Measurement accuracy can be affected by a disease such as
cataracts
Measurement accuracy can also be affected by severe astigmatism
Scanning procedure is perceived by some as invasive
Subject being scanned must be very close to the camera optics
High equipment cost

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 13/92
 Biometrics (9/20)
 Biometric Overview

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 14/92
 Wired Equivalent Privacy (WEP)

 Wi-Fi security standard in September of 1999
 U.S. restrictions on the export of various
cryptographic technology  64-bit only
 Now the key size is up to 128-bit or 256-bit.
 Numerous security flaws were discovered. WEP
passwords can be cracked in minutes using freely
available software.
 Wi-Fi Alliance officially retired WEP in 2004.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 15/92
 Wi-Fi Protected Access (WPA)

 WPA was the Wi-Fi Alliance’s direct response and replacement
to the increasingly apparent vulnerabilities of the WEP standa
rd.
 The key size of WPA-PSK (pre-shared key) is 256-bit.
 WPA implemented with the temporal key integrity protocol (T
KIP), which works as a wrapper of WEP.
 TKIP uses RC4 as its basis.
 Some improvement over WEP:
A cryptographic message integrity check to protect packets
An initialization-vector sequencing mechanism that includes hashin
g, as opposed to WEP's plain text transmission
A per-packet key-mixing function to increase cryptographic strength
A re-keying mechanism to provide key generation every 10,000 pac
kets.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 16/92
 RSA Key Generation Summary
 RSA Algorithm

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 17/92
 Disaster Recovery
 IT managerial aspects of security
Prevention:
Minimum vulnerable operating system that can make hacking or viral
destruction difficult.
Defense:
Any form of defense against an attack, once the wall is broken (e.g.
antivirus software, firewalls)
Disaster Recovery Management (contingency plan):
The plan and actions when a damage has been rendered and a
relevant back-up system is needed, along with repair of failed items or
components.
 Third category is the least explored area in the global
security, even though there are some noticeable (but
scattered) efforts.
Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 18/92
 Security network architecture design
 Component type (Backup type I)
(private and public) Data: authentication, multi-media,
transaction data, …
System (or services): demons, service servers,
Infrastructure: telecommunication (routers, gateways, …),
electronic power line, …
 Standby type (Backup type II)
Hot-standby: Recovered without booting/backup times
Cold-standby: Booting/backup times are required.
 Network type
Intranet: private network (e.g., Isolation)
Internet: cloud services (e.g., AWS)

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 19/92
 Miscellaneous

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR
 Miscellaneous (1/4)
 Security Attacks
It is an any action that compromises the security of
information owned by an organization.
 Secure Socket Layer
It provides basic security to various higher-layer protocols
which consist of two layers above TCP.
 Encipher
The process of converting plaintext to ciphertext using a
cipher and a key.
 Decipher
The process of converting ciphertext back into plaintext using
a cipher and a key.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 21/92
 Miscellaneous (2/4)
 X.509
It is one of major standard for digital certificate which
developed by ITU-T.
 IPSec
It provides a set of security algorithms and a general
framework that allows a pair of secure communicating
entities.
 X.800
Security Architecture for Open System Interconnection (OSI)
defines a systematic way of defining and providing security
requirements.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 22/92
 Miscellaneous (3/4)
 Data confidentiality
Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.
 Privacy
Assures that individuals control or influence what information
related to them may be collected and stored and by whom
and to whom that information may be disclosed.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 23/92
 Miscellaneous (4/4)
 Birthday attack
It gives higher probability to find pair with same hash when
two sets of messages are compared.
 Data confidentiality:
Assures that private or confidential information is not made
available or disclosed to unauthorized individuals.

Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 24/92
Faculty of Applied Sciences, Macao Polytechnic University, Macau, SAR 25/92